Posted to commits@commons.apache.org by gg...@apache.org on 2022/11/15 16:11:29 UTC
[commons-bcel] branch master updated: org.apache.bcel.classfile.Attribute constructors now throw ClassFormatException on invalid name index input.
This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-bcel.git
The following commit(s) were added to refs/heads/master by this push:
new e6e52645 org.apache.bcel.classfile.Attribute constructors now throw ClassFormatException on invalid name index input.
e6e52645 is described below
commit e6e52645598401e244e2f74882545df9c10da489
Author: Gary David Gregory (Code signing key) <gg...@apache.org>
AuthorDate: Tue Nov 15 11:11:25 2022 -0500
org.apache.bcel.classfile.Attribute constructors now throw
ClassFormatException on invalid name index input.
---
src/changes/changes.xml | 1 +
.../java/org/apache/bcel/classfile/Attribute.java | 3 ++-
src/main/java/org/apache/bcel/util/Args.java | 27 ++++++++++++++++++----
3 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 3e2a7f23..f0b8a76b 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -74,6 +74,7 @@ The <action> type attribute can be add,update,fix,remove.
<action type="fix" dev="markt" due-to="OSS-Fuzz">When parsing an invalid class, ensure ClassParser.parse() throws ClassFormatException, not IllegalArgumentException.</action>
<action type="fix" dev="markt" due-to="OSS-Fuzz">Ensure Code attributes with invalid sizes trigger a ClassFormatException.</action>
<action type="fix" dev="ggregory" due-to="Gary Gregory">org.apache.bcel.classfile.Deprecated constructors now throw ClassFormatException on invalid length input.</action>
+ <action type="fix" dev="ggregory" due-to="Gary Gregory">org.apache.bcel.classfile.Attribute constructors now throw ClassFormatException on invalid name index input.</action>
<!-- UPDATE -->
<action type="update" dev="ggregory" due-to="Gary Gregory">Bump spotbugs-maven-plugin from 4.7.2.2 to 4.7.3.0 #167.</action>
</release>
diff --git a/src/main/java/org/apache/bcel/classfile/Attribute.java b/src/main/java/org/apache/bcel/classfile/Attribute.java
index ff2b92b4..d4a66312 100644
--- a/src/main/java/org/apache/bcel/classfile/Attribute.java
+++ b/src/main/java/org/apache/bcel/classfile/Attribute.java
@@ -24,6 +24,7 @@ import java.util.HashMap;
import java.util.Map;
import org.apache.bcel.Const;
+import org.apache.bcel.util.Args;
/**
* Abstract super class for <em>Attribute</em> objects. Currently the <em>ConstantValue</em>, <em>SourceFile</em>,
@@ -239,7 +240,7 @@ public abstract class Attribute implements Cloneable, Node {
protected Attribute(final byte tag, final int nameIndex, final int length, final ConstantPool constantPool) {
this.tag = tag;
- this.name_index = nameIndex;
+ this.name_index = Args.requireU2(nameIndex, 0, constantPool.getLength(), "Invalid name index");
this.length = length;
this.constant_pool = constantPool;
}
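Review bot: The upper bound in `Args.requireU2(nameIndex, 0, constantPool.getLength(), "Invalid name index")` is inclusive, because the new four-argument `requireU2` rejects only `value > max`. If `getLength()` returns the number of pool entries, a name index equal to the pool length passes this check and fails only at a later lookup. Consider `Args.requireU2(nameIndex, 0, constantPool.getLength() - 1, "Invalid name index")`, and confirm whether 0 should be accepted at all, since constant pool index 0 is not a usable entry. The call also dereferences `constantPool` before it is stored, so a caller that previously passed a null pool now gets a NullPointerException from the constructor; if null is still a supported argument, this needs a guard or a documented precondition.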
diff --git a/src/main/java/org/apache/bcel/util/Args.java b/src/main/java/org/apache/bcel/util/Args.java
index e6d49dc3..7b85e885 100644
--- a/src/main/java/org/apache/bcel/util/Args.java
+++ b/src/main/java/org/apache/bcel/util/Args.java
@@ -42,20 +42,39 @@ public class Args {
}
/**
- * Requires a u2 value of at least {@code min}.
+ * Requires a u2 value of at least {@code min} and not above {@code max}.
*
* @param value The value to test.
- * @param min The minimum required value.
+ * @param min The minimum required u2 value.
+ * @param max The maximum required u2 value.
* @param message The message prefix
* @return The value to test.
*/
- public static int requireU2(final int value, final int min, final String message) {
- if (value < min || value > Const.MAX_SHORT) {
+ public static int requireU2(final int value, final int min, final int max, final String message) {
+ if (max > Const.MAX_SHORT) {
+ throw new IllegalArgumentException(String.format("Programming error: %,d > %,d", max, Const.MAX_SHORT));
+ }
+ if (min < 0) {
+ throw new IllegalArgumentException(String.format("Programming error: %,d < 0", min));
+ }
+ if (value < min || value > max) {
throw new ClassFormatException(String.format("%s [Value out of range (%,d - %,d) for type u2: %,d]", message, min, Const.MAX_SHORT, value));
}
return value;
}
+ /**
+ * Requires a u2 value of at least {@code min}.
+ *
+ * @param value The value to test.
+ * @param min The minimum required value.
+ * @param message The message prefix
+ * @return The value to test.
+ */
+ public static int requireU2(final int value, final int min, final String message) {
+ return requireU2(value, 0, Const.MAX_SHORT, message);
+ }
+
/**
* Requires a u2 value.
*
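Review bot: The re-added three-argument overload at the end of this hunk ignores its `min` parameter: it calls `requireU2(value, 0, Const.MAX_SHORT, message)`, so any existing caller that asked for a minimum above 0 now silently accepts values from 0 upward. It should forward the argument, `return requireU2(value, min, Const.MAX_SHORT, message);`. In the four-argument method the ClassFormatException message still formats `Const.MAX_SHORT` as the upper limit although the check is against `max`; passing `max` there keeps the reported range accurate. Because `max` can be derived from parsed class data (the Attribute constructor passes the pool length), it is worth confirming that the "Programming error" IllegalArgumentException cannot be reached from input and escape the parser, where a ClassFormatException is expected.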